CornSnakes.com Forums  


Rerouted to AFF...
Old 10-13-2013, 06:05 PM   #151
Buttons
This has been happening on and off for me for at least a month now.
 
Old 10-13-2013, 06:11 PM   #152
Slinky'sMommy
Rerouted to a girl taking her shirt off again
 
Old 10-14-2013, 01:05 AM   #153
cornsnakeforsale_com
Rich: Was out of town for the past several days, so I haven't checked in til now. Yup, got me again.

Kudos on looking into it to this level and upgrading the hardware. I don't want to be a downer, but you might need to upgrade vBulletin as well; this old version has many published vulnerabilities (not that the newer versions are necessarily more secure, they just have different holes).

Upgrading vBulletin can be quite the pain in the butt too, but if you plop your current install down on a new box the problem will still exist if it's within your install. It's extremely unlikely that it's a problem down as deep as Linux or Apache; most likely it's vBulletin that has been hacked.

If you look at the chain of events this is what I logged just now:

Referer: http://www.cornsnakes.com/forums/sho...133252&page=10
GET /forums/clientscript/vbulletin_global.js?v=373 HTTP/1.1
Host: www.cornsnakes.com
HTTP/1.1 302 Found
Location: http://j9v9jks7rg96aymzoce03gw.alumi...MlM2Z2PTM3Mw==

This says, I went to the Referer url and requested /forums/clientscript/vbulletin_global.js?v=373 as my normal course of business. Somewhere in that script it told my browser to redirect (302 Found) to the Location url (which then did a couple of redirects for itself to keep track of who gets paid for sending us to the adult websites).

The Location url has the ?g= parameter passed in, which if you do a base64 decode really reads:

js=1&smcntnkw=oxqcvci&time=1310140214447349341&src=145&surl=www.cornsnakes.com&sport=80&key=9E7694A0&suri=/forums/clientscript/vbulletin_global.js%3fv=373

This one is also suspect to me: http://www.cornsnakes.com/forums/cli..._menu.js?v=373

They bothered recording the script that got you there (vbulletin_global.js (v373)), so I'm looking at that as a big red flag twice now. I would check if that has been changed recently or if you might be able to roll back to an older version perhaps. I don't know what you might have changed on that to get to version 373. In the vBulletin admin area it logs admin access, so you can check if someone has been in there mucking around (I've seen them weasel their way in and give themselves admin access). You know what day it started since you have an active site and the OP was right on it.

It could be that those scripts have been tampered with, or possibly that whatever they're designed to do naturally is happening and inserting some other malicious code or similar.

Good luck, I think you're hot on their trail.
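
The check described in the post above, written out as an added example (not part of the original thread and not the site's own tooling): it flags a static asset that answers with a redirect to another host and decodes the base64 `g` parameter into its fields. The redirect host `redirector.example` and the function names are assumptions; the sample exchange is constructed from the decoded string quoted in the post.

```python
import base64
from urllib.parse import urlsplit, unquote

# Constructed sample: the decoded string quoted in the post (forum line-wrap
# spaces removed), re-encoded onto a placeholder host; the real URL is truncated.
DECODED = ("js=1&smcntnkw=oxqcvci&time=1310140214447349341&src=145"
           "&surl=www.cornsnakes.com&sport=80&key=9E7694A0"
           "&suri=/forums/clientscript/vbulletin_global.js%3fv=373")
SAMPLE_EXCHANGE = "\n".join([
    "GET /forums/clientscript/vbulletin_global.js?v=373 HTTP/1.1",
    "Host: www.cornsnakes.com",
    "HTTP/1.1 302 Found",
    "Location: http://redirector.example/?g=" + base64.b64encode(DECODED.encode()).decode(),
])
STATIC_EXT = (".js", ".css", ".png", ".gif", ".jpg")

def parse_exchange(text):
    """Extract request path, Host, status code and Location from a logged exchange."""
    info = {"path": None, "host": None, "status": None, "location": None}
    for line in (l.strip() for l in text.splitlines()):
        low = line.lower()
        if line.startswith("GET "):
            info["path"] = line.split()[1]
        elif line.startswith("HTTP/"):
            info["status"] = int(line.split()[1])
        elif low.startswith(("host:", "location:")):
            name, value = line.split(":", 1)
            info[name.lower()] = value.strip()
    return info

def decode_g(location):
    """Base64-decode the g= parameter of a redirect URL into a dict of fields."""
    for pair in urlsplit(location).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "g":
            raw = unquote(value)              # unquote keeps '+', which base64 uses
            raw += "=" * (-len(raw) % 4)      # restore padding if it was stripped
            text = base64.b64decode(raw).decode("utf-8", "replace")
            return {k: unquote(v) for k, _, v in (p.partition("=") for p in text.split("&"))}
    return {}

def check_exchange(text):
    """Flag a static asset that answers with a redirect to a different host."""
    info = parse_exchange(text)
    target = urlsplit(info["location"] or "").hostname
    asset = urlsplit(info["path"] or "").path.lower().endswith(STATIC_EXT)
    offsite = info["status"] in (301, 302, 303, 307, 308) and target not in (None, info["host"])
    return {"suspicious": asset and offsite, "asset": info["path"], "target": target,
            "fields": decode_g(info["location"]) if offsite else {}}
```

The `surl` and `suri` fields in the decoded result name the site and the script that issued the redirect, which is the file to compare against a known-good copy.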
 
Old 10-14-2013, 01:33 AM   #154
Rich Z
Sorry, but both my programmer and the security guy determined that the server was hacked, at least through cPanel, and many executables have been corrupted. It's actually a miracle that my sites are even running right now.

As for upgrading vBulletin, my programmer is against this. Simply because vBulletin was bought out by Internet Brands and nearly all of the programming staff there quit. Apparently the replacement programming staff is, well, let's just say weak. The bailing programmers apparently started up their own company, and are developing a message board system, and, of course, there are lawsuits involved between those parties. So right now, there really isn't any good option available as an upgrade, and between my programmer and the security guy I will be keeping on retainer, I am hopeful that this sort of problem won't crop up again.

Also part of the issue was that according to the security guy, the hosting company for my server did not do nearly the stuff that is basic and standard in securing a server. So that pretty much left holes in the OS that hackers were able to take advantage of. My programmer has been pretty diligent about patching this version of vBulletin when security holes are made known, and when he researched this problem, he looked VERY hard at the vBulletin code to make sure the intrusions weren't coming in that way.

So all in all, I think I'm on the best path I can take, all things considered.

But thanks for the advice and input.
 
Old 10-14-2013, 03:15 AM   #155
Buzzbee
I'd like to take offence at having constantly been rerouted to online dating sites - low blow internet bugs!! (especially first thing this morning before I'd built up my tea defences)
 
Old 10-14-2013, 11:40 AM   #156
cornsnakeforsale_com
Well, we all hope to see it fixed soon, good luck.
 
Old 10-14-2013, 12:40 PM   #157
Rich Z
Dammit....... Just got word from the server hosting guy that the server he sold me isn't actually available. Just great of him to take all this time to figure that out.................

He's offering me one with dual 5639 processors instead of the original 2620s and bumping RAM up to 24gb. Shouldn't be that much difference, but it delays getting the server built while all this is going on.

Double dammit..... Where's that Excedrin bottle?
 
Old 10-14-2013, 02:48 PM   #158
Guruofchem
As the prophet once said:

"Like kidneystones, server problems too shall pass....ARRGGGHHHHHHHHH!"
 
Old 10-14-2013, 02:50 PM   #159
Christen
Quote:
Originally Posted by Guruofchem
As the prophet once said:

"Like kidneystones, server problems too shall pass....ARRGGGHHHHHHHHH!"
That is great. Cause like kidney stones it is a giant pain in the bleep.
 
Old 10-14-2013, 11:24 PM   #160
Wamba681
*tosses Excedrin bottle to Rich* Make sure to give that back now! Hope you get this all fixed. Good thing I've got no little ones at home that'd be shocked to see those pages.
 


All times are GMT -4.




